The short version: an AI agent that can move money, issue refunds, or send things to your customers without a human saying yes is a liability, not a feature. Every agent noorflows builds is governed by design — it proposes, you approve — and you own it: the workflows, the prompts, and the keys live on your infrastructure, not rented back to you per ticket. This page explains exactly what that means and how your data is handled.
This page covers AI agents and automations noorflows builds for clients. For how the noorflows.com website itself handles data (analytics, lead forms, payments), see the Privacy Policy.
1. Governed by design — the approval gate
Any action that moves money, makes a commitment, or sends something external — a refund, a discount, a cancellation, an outbound email, a write to your store or CRM — is approval-gated. The agent prepares the action and the evidence behind it; a human approves before anything happens.
This is the direct, recommended mitigation for what the OWASP Top 10 for LLM & Agentic Applications calls Excessive Agency: agents are given the minimum authority to act, and the consequential decisions stay with a person. It also contains the blast radius of any prompt-injection attempt — even a successful manipulation cannot, on its own, execute a money-moving action.
2. Grounded answers — it does not invent facts
Agents answer from real data and your own documents — order records, your knowledge base, your policies. When the answer is not in the source data, the agent says so and escalates to a human rather than guessing. "Where is my order?" is answered from the actual order status, never a plausible-sounding fabrication.
3. AI disclosure
Customer-facing agents identify themselves as AI and offer a clear path to a human. This aligns with the EU AI Act transparency obligations for AI systems that interact with people (in force from 2 August 2026), and it is simply how trustworthy support should work.
4. Prompt-injection resistance
Untrusted input (customer messages, scraped pages, documents) is treated as data, not instructions. Agents run with scoped, least-privilege tools, so even a crafted message cannot expand what the agent is allowed to do. Combined with the approval gate above, this addresses the top entries in the OWASP LLM risk list — prompt injection, sensitive-information disclosure, and excessive agency.
5. Data & PII handling
We follow data minimization: an agent is given only the data it needs for the task at hand. Where personal data is involved, identifying details are minimized or redacted before they reach the model wherever the workflow allows, and sensitive fields are kept out of logs. Customer data is processed to answer the request — it is never sold, and it is not used to train third-party models.
6. Scoped, rotated credentials — you hold the keys
Integrations use per-engagement, least-privilege API credentials — never shared, broad, or long-lived "god keys." Keys are scoped to exactly what the workflow needs, rotated, and stored in your own secret store. This follows current non-human identity (NHI) security guidance for AI agents. Because the system is yours, you can revoke any credential at any time.
7. Audit trail
Sensitive actions — what the agent proposed, who approved it, and what happened — are logged, so there is an answerable record of every decision. This is what makes "governed" verifiable rather than just a claim.
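A sketch of how the controls in sections 1, 4 and 7 fit together (approval gate, scoped tools, audit trail), added here as an illustration and not noorflows' own code. `createGate`, `propose`, `decide` and the sample tools are hypothetical names, and the tool bodies are stubs standing in for real integrations.

```javascript
// Added illustration. createGate, propose, decide and the tool names are
// hypothetical; the tool bodies are stubs, not real integrations.
function createGate(tools) {
  const auditLog = [];        // append-only: what was proposed, who decided, what ran
  const pending = new Map();  // proposals waiting for a human decision
  let nextId = 1;
  const record = (event, detail) =>
    auditLog.push({ at: new Date().toISOString(), event, ...detail });

  // Called with the model's output. It can only name a tool and arguments:
  // anything outside the allowlist is denied, and gated tools never run here.
  function propose(tool, args, evidence) {
    const spec = tools.get(tool);
    if (!spec) {
      record("denied", { tool });
      return { status: "denied" };
    }
    if (!spec.gated) {
      const result = spec.run(args);
      record("executed", { tool, args, approver: null });
      return { status: "executed", result };
    }
    const id = nextId++;
    pending.set(id, { tool, args });
    record("proposed", { id, tool, args, evidence });
    return { status: "pending_approval", id };
  }

  // Called only from the human approval surface, never by the agent.
  function decide(id, approver, approved) {
    const p = pending.get(id);
    if (!p) return { status: "unknown_proposal" };
    pending.delete(id);       // single use, so an approval cannot be replayed
    record(approved ? "approved" : "rejected", { id, tool: p.tool, approver });
    if (!approved) return { status: "rejected" };
    const result = tools.get(p.tool).run(p.args);
    record("executed", { id, tool: p.tool, args: p.args, approver });
    return { status: "executed", result };
  }
  return { propose, decide, auditLog };
}

// Constructed sample tools: reads run directly, money-moving actions are gated.
const sampleTools = new Map([
  ["lookup_order", { gated: false, run: ({ orderId }) => ({ orderId, status: "shipped" }) }],
  ["issue_refund", { gated: true, run: ({ orderId, amount }) => ({ orderId, refunded: amount }) }],
]);
```

Whatever text reaches the model, the only paths to `issue_refund` are a `propose` call that parks the action and a separate `decide` call made by a named approver, and both leave entries in `auditLog`.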
8. You own it — no lock-in
noorflows builds on self-hosted n8n. At the end of an engagement you hold the workflows, the prompts, the configuration, and the keys. You can run it on your own infrastructure (including in your own region for data-residency needs) or have noorflows host and maintain it for you. There is no per-ticket rent and no vendor lock-in — the opposite of pay-per-resolution AI support.
9. Subprocessors (for AI builds)
Depending on what is built, an agent may rely on:
- Anthropic (Claude) — the primary language model. Anthropic does not train on data sent through its API.
- DeepSeek — optionally used for high-volume, lower-stakes processing to control cost; the governed decision logic stays on Claude.
- n8n (self-hosted) — the orchestration layer, run on your infrastructure or on noorflows-managed hosting.
- Cloudflare — edge hosting and delivery.
- Your chosen integrations — e.g. Shopify, your helpdesk, CRM, or email provider. These are selected by you per engagement.
The exact subprocessor list for your build is documented for your engagement. Subprocessors used by the noorflows.com website itself are listed in the Privacy Policy.
10. Data residency
Self-hosted components (n8n and your data store) can run in the region you choose. Model inference through Anthropic / DeepSeek is processed in the provider's regions. If you have specific residency requirements (for example, keeping EU customer data in the EU), tell us up front and we will scope the architecture — including which steps may run on a self-hosted or open model — to meet them.
11. Standards we build to
- OWASP Top 10 for LLM & Agentic Applications — approval gating, least-privilege tools, input handling, and logging map to these controls.
- EU AI Act transparency (AI disclosure; effective 2 August 2026).
- GDPR / CCPA data-subject rights — see the Privacy Policy.
- Non-human identity (NHI) credential hygiene — scoped, rotated, least-privilege keys.
What we do not claim
noorflows is a small, independent consultancy and is not currently SOC 2 or ISO 42001 certified. We build to those control principles and can support your own compliance and vendor-review process, but we will never claim a certification we do not hold. If formal certification is a hard requirement for your procurement, tell us and we will be straight with you about what we can and cannot meet today.
Data Processing Agreement & security review
A Data Processing Agreement (DPA) is available on request, and we are happy to complete a reasonable security questionnaire before an engagement. Email syed@noorflows.com.
Contact
Questions about how an agent is governed, how your data is handled, or to request a DPA:
Syed Noor
syed@noorflows.com